FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  371418
Date:      2014-10-24
Time:      01:58:13Z
Committer: zi

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
eb12ebee-b7af-11e1-b5e0-000c299b62e1clamav -- multiple vulnerabilities

MITRE Advisories report:

The TAR parser allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence.

The TAR parser allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size.

The Microsoft CHM file parser allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file.

The TAR file parser allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header ofxi the next entry.


Discovery 2012-03-19
Entry 2012-06-16
clamav
lt 0.97.5

clamav-devel
lt 20120612

CVE-2012-1419
CVE-2012-1457
CVE-2012-1458
CVE-2012-1459
eb12ebee-b7af-11e1-b5e0-000c299b62e1clamav -- multiple vulnerabilities

MITRE Advisories report:

The TAR parser allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence.

The TAR parser allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size.

The Microsoft CHM file parser allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file.

The TAR file parser allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header ofxi the next entry.


Discovery 2012-03-19
Entry 2012-06-16
clamav
lt 0.97.5

clamav-devel
lt 20120612

CVE-2012-1419
CVE-2012-1457
CVE-2012-1458
CVE-2012-1459
24b64fb0-af1d-11dd-8a16-001b1116b350clamav -- off-by-one heap overflow in VBA project parser

Advisory from Moritz Jodeit, November 8th, 2008:

ClamAV contains an off-by-one heap overflow vulnerability in the code responsible for parsing VBA project files. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the `clamd' process by sending an email with a prepared attachment.

A VBA project file embedded inside an OLE2 office document send as an attachment can trigger the off-by-one.

Entry from Thu Oct 30 13:52:42 CET 2008 (acab) in ChangeLog:

libclamav/vba_extract.c: get_unicode_name off-by-one, bb#1239 reported by Moritz Jodeit >moritz*jodeit.org<


Discovery 2008-11-08
Entry 2008-11-10
clamav
lt 0.94.1

clamav-devel
lt 20081105

http://www.securityfocus.com/archive/1/498169/30/0/threaded
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog
CVE-2008-5050
24b64fb0-af1d-11dd-8a16-001b1116b350clamav -- off-by-one heap overflow in VBA project parser

Advisory from Moritz Jodeit, November 8th, 2008:

ClamAV contains an off-by-one heap overflow vulnerability in the code responsible for parsing VBA project files. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the `clamd' process by sending an email with a prepared attachment.

A VBA project file embedded inside an OLE2 office document send as an attachment can trigger the off-by-one.

Entry from Thu Oct 30 13:52:42 CET 2008 (acab) in ChangeLog:

libclamav/vba_extract.c: get_unicode_name off-by-one, bb#1239 reported by Moritz Jodeit >moritz*jodeit.org<


Discovery 2008-11-08
Entry 2008-11-10
clamav
lt 0.94.1

clamav-devel
lt 20081105

http://www.securityfocus.com/archive/1/498169/30/0/threaded
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog
CVE-2008-5050